Search for vulnerabilities
Vulnerability details: VCID-scgg-45rj-aaar
Vulnerability ID VCID-scgg-45rj-aaar
Aliases CVE-2006-3746
Summary Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2006:0615
epss 0.299 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.32693 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.77973 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
epss 0.81396 https://api.first.org/data/v1/epss?cve=CVE-2006-3746
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=200502
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2006-3746
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1
http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1
http://issues.rpath.com/browse/RPL-560
http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
http://lwn.net/Alerts/194228/
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3746.json
https://api.first.org/data/v1/epss?cve=CVE-2006-3746
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
http://secunia.com/advisories/21297
http://secunia.com/advisories/21300
http://secunia.com/advisories/21306
http://secunia.com/advisories/21326
http://secunia.com/advisories/21329
http://secunia.com/advisories/21333
http://secunia.com/advisories/21346
http://secunia.com/advisories/21351
http://secunia.com/advisories/21378
http://secunia.com/advisories/21467
http://secunia.com/advisories/21522
http://secunia.com/advisories/21524
http://secunia.com/advisories/21598
http://security.gentoo.org/glsa/glsa-200608-08.xml
http://securitytracker.com/id?1016622
https://exchange.xforce.ibmcloud.com/vulnerabilities/28220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347
http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm
http://www.debian.org/security/2006/dsa-1140
http://www.debian.org/security/2006/dsa-1141
http://www.gossamer-threads.com/lists/gnupg/devel/37623
http://www.mandriva.com/security/advisories?name=MDKSA-2006:141
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.osvdb.org/27664
http://www.redhat.com/support/errata/RHSA-2006-0615.html
http://www.securityfocus.com/archive/1/442012/100/0/threaded
http://www.securityfocus.com/archive/1/442621/100/100/threaded
http://www.securityfocus.com/bid/19110
http://www.ubuntu.com/usn/usn-332-1
http://www.vupen.com/english/advisories/2006/3123
200502 https://bugzilla.redhat.com/show_bug.cgi?id=200502
381204 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381204
cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
CVE-2006-3746 https://nvd.nist.gov/vuln/detail/CVE-2006-3746
CVE-2006-3746;OSVDB-27664 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/28257.txt
CVE-2006-3746;OSVDB-27664 Exploit https://www.securityfocus.com/bid/19110/info
GLSA-200608-08 https://security.gentoo.org/glsa/200608-08
RHSA-2006:0615 https://access.redhat.com/errata/RHSA-2006:0615
USN-332-1 https://usn.ubuntu.com/332-1/
Data source Exploit-DB
Date added July 22, 2006
Description GnuPG 1.4/1.9 - Parse_Comment Remote Buffer Overflow
Ransomware campaign use Known
Source publication date July 22, 2006
Exploit type dos
Platform linux
Source update date Sept. 13, 2013
Source URL https://www.securityfocus.com/bid/19110/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-3746
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94702
EPSS Score 0.299
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.